Reputation: 707
I am trying to develop a Java web application with SSO by following this Azure tutorial. I created an account in Azure and created an AD. I developed and deployed the code in Tomcat. When I try to access the page, I get the following error:
    Exception - java.io.IOException: Server returned HTTP response code: 403 for URL: https://graph.windows.net/ppceses.onmicrosoft.com/users?api-version=2013-04-05
I did not find enough answers for this error. I changed the api-version to 1.6. Even then it did not work.
MORE ANALYSIS:
After troubleshooting, I found out that the logged-in user info is fetched and is available in the Sessions object. It errors out when it is trying to read the response and convert it into a String object. The following is the calling method where it errors out:
    HttpClientHelper.getResponseStringFromConn(conn, true);
The actual method that writes the response into a String:
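    import java.io.BufferedReader;
    import java.io.IOException;
    import java.io.InputStreamReader;
    import java.net.HttpURLConnection;

    public static String getResponseStringFromConn(HttpURLConnection conn, boolean isSuccess) throws IOException {
        BufferedReader reader = null;
        if (isSuccess) {
            // getInputStream() throws IOException when the server answered with a 4xx/5xx status
            reader = new BufferedReader(new InputStreamReader(conn.getInputStream()));
        } else {
            // For error statuses the response body is only available on the error stream
            reader = new BufferedReader(new InputStreamReader(conn.getErrorStream()));
        }
        // Concatenate the body line by line (line terminators are dropped)
        StringBuffer stringBuffer = new StringBuffer();
        String line = "";
        while ((line = reader.readLine()) != null) {
            stringBuffer.append(line);
        }
        return stringBuffer.toString();
    }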
The actual issue is on the Graph API, where we try to read the response in the String format.
Upvotes: 1
Views: 1935
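An added example, not part of the original post or of the tutorial's code: a variant of the helper above that picks the stream from the connection's actual status code, so a 403 from the directory endpoint yields the server's error body instead of an IOException. The class name, `readBody`, and the local stand-in server with its JSON body are constructed for illustration.

```java
import com.sun.net.httpserver.HttpServer;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.InetSocketAddress;
import java.net.URI;
import java.nio.charset.StandardCharsets;

public class GraphResponseDemo {
    // Hypothetical helper: chooses the stream from the real status code
    // instead of trusting a caller-supplied isSuccess flag.
    static String readBody(HttpURLConnection conn) throws IOException {
        int status = conn.getResponseCode();
        // For 4xx/5xx, getInputStream() throws; the body is on getErrorStream().
        InputStream in = status < 400 ? conn.getInputStream() : conn.getErrorStream();
        if (in == null) return "";   // error response that carried no body
        StringBuilder body = new StringBuilder();
        try (BufferedReader reader = new BufferedReader(
                new InputStreamReader(in, StandardCharsets.UTF_8))) {
            String line;
            while ((line = reader.readLine()) != null) {
                body.append(line);
            }
        }
        return body.toString();
    }

    public static void main(String[] args) throws IOException {
        // Constructed stand-in for the directory endpoint: always answers 403
        // with a made-up JSON error body, so the demo runs offline.
        byte[] denied = "{\"error\":\"constructed sample\"}".getBytes(StandardCharsets.UTF_8);
        HttpServer server = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
        server.createContext("/users", exchange -> {
            exchange.sendResponseHeaders(403, denied.length);
            exchange.getResponseBody().write(denied);
            exchange.close();
        });
        server.start();
        try {
            HttpURLConnection conn = (HttpURLConnection) URI.create(
                    "http://127.0.0.1:" + server.getAddress().getPort() + "/users")
                    .toURL().openConnection();
            System.out.println(conn.getResponseCode() + " " + readBody(conn));
        } finally {
            server.stop(0);
        }
    }
}
```

Logging the status together with the error body is what lets you tell a permission problem apart from a malformed request or an expired token.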
Reputation: 1
The below worked for me. At the Active Directory app registrations -> app -> settings -> permissions -> enable delegated permissions to read directory data. Save and close the blade. Also click Grant Permissions and close the blade. Once the above is done, log out and log back in to the application with a fresh token. (I guess the token with prior authorizations will not reflect the latest permission changes, and hence the re-login may have worked in my case.)
Upvotes: 0
Reputation: 163
I got the same error and had been struggling with it for a few days. What I noticed was that even if I checked ALL permissions for Windows Azure Active Directory, I still got the 403. So, I deleted the app in App Registrations and created it again from scratch, generated a new application key and re-added the reply URLs. In Required Permissions/Windows Azure Active Directory check:
I can now call me/memberOf successfully.
Hope it helps.
Upvotes: 0
Reputation: 24138
@Anand, according to Microsoft Graph error responses and resource types, the response code 403 means Forbidden, as below.
Access is denied to the requested resource. The user might not have enough permission.
Please move to the CONFIGURE tab of your application registered in your AAD domain on the Azure classic portal, then check whether enough permissions are enabled; please see the figure below.
Upvotes: 1